More Than 1,200 Phishing Toolkits Capable of Intercepting 2FA Detected in the Wild

Do you work on the project on the project repository? You can use this tool to automatically sync your releases to SourceForge, so that you can take advantage of SourceForge's massive reach, and you can keep using GitHub.

The story is 156919043.

The security-woes dept. posted a message on Monday December 27.

A team of academics said it found more than 1,200 toolkits that are capable of intercepting and allowing criminals to circumvent 2FA security codes. In the last few years, these tools have become extremely popular in the cybercrime underworld after major tech companies started making 2FA a default security feature for their users. The direct result was that threat actors who tricked a user into entering credentials on a site found that they couldn't use them because they couldn't use 2FA. Threat actors started using new tools that allow them to steal a user's login cookies, which are files created inside a web browser once the user has signed into an account. In most instances, the groups that commit these crimes rely on a type of malicious software known as an "Infostealer" to steal these cookie files. There is another way to steal these files that does not rely on infecting a computer with a computer worm.